ADFS Multi Factor Authentication Providers

SecureMFA OTP Provider

It is a DLL file for Microsoft ADFS 2016 or ADFS 2019 servers. It enables ADFS servers to provide multi-factor authentication (MFA) using the Time-Based One-Time Password (TOTP) algorithm, which is based on RFC 6238. With this MFA provider, after correctly entering their passwords, users are required to enter a confirmation code generated on their phones by an authenticator application (Microsoft Authenticator, Google Authenticator, etc.).

Download the latest SecureMFA Time-Based One-Time Password provider for ADFS


Features

Localized English language

Runs with ADFS on Windows 2016 or 2019 (should work with ADFS 3.0 on Windows 2012, but this was never tested)

Enables self-registration with a QR code (using free mobile apps such as Microsoft Authenticator, Google Authenticator, etc.)

Logs are stored in Windows application log

Limitations

You must deploy the solution on each of your ADFS servers (not on Proxy Servers).

Works only with a SQL Server database; you must deploy the database on a separate SQL Server (WID is not supported).

Assemblies use Microsoft .NET Framework 4.5 and up and must be deployed in the GAC.

The Identity claim is by design UPN (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)

SecureMFA Email TBP Provider

It is a DLL file for Microsoft ADFS 2016 servers. It enables ADFS servers to provide multi-factor authentication (MFA) using a Time Based Password. With this MFA provider, the user is required to enter a confirmation code, which is generated and sent to an email address associated with the user's Active Directory account.

Download the latest SecureMFA Email Time Based Password Provider for ADFS

Features

Localized English language

Runs with ADFS on Windows 2016 or 2019 (should work with ADFS 3.0 on Windows 2012, but this was never tested)

No shared storage required. Works fine with an ADFS farm that runs on Windows Internal Database (WID)

Logs are stored in Windows application log

Limitations

You must deploy the solution on each of your ADFS servers (not on Proxy Servers).

Assemblies use Microsoft .NET Framework 4.5 and up and must be deployed in the GAC.

The Identity claim is by design UPN (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)